Abstract


This paper quantifies the time required to transmit 4 Kilobyte (KB), 8 KB, and 16 KB text files over a 
2-meter AX.25 packet radio network using Gnu Privacy Guard (GPG), Secure Socket Layer and 
Transport Layer Security (SSL/TLS), and Internet Protocol Security (IPsec) authentication software. 
Our results show that less time is required to transmit data using GPG authentication than either 
SSL/TLS authentication or IPsec authentication. The discussion contained in this paper will benefit 
those amateur radio operators who provide data communication for organizations that have signed a 
Memorandum of Understanding with the American Radio Relay League, such as the American Red 
Cross and the Salvation Army. 
Introduction


Within an AX.25 packet radio network, call sign “spoofing” is a trivial action because an unscrupulous 
individual can easily configure their AX.25 software to transmit messages using any United States 
Federal Communication Commission (FCC) call sign. Amateur radio operators who receive a 
“spoofed” message are often unable to determine whether (1) the message was actually transmitted by 
the individual associated with the call sign and/or (2) the received message was the one actually 
transmitted. A solution to this problem is to use authentication software. With respect to amateur radio, 
the FCC Part 97.219 rule requires that stations “authenticate the identity of the station from which it 
accepts communications on behalf of the system” (USFCC, 2009). 


In 2004, the American Radio Relay League’s High-Speed Multimedia & Networking Workgroup 
published a report requesting “... the support of the ARRL Board of Directors for development and 
filing of a ‘Notice of Proposed Rulemaking’ permitting the use of encryption and strong security 
protocols on domestic transmissions above 50 MHz” (Toth, 2004). Specifically, the authors claimed
that “... licensees in the Amateur Radio Service need to be free to utilize ... industry-standard security
and authentication tools to protect the integrity of their stations”. These views are shared by
(Champa, 2004) and (Rotolo, 2006).


We, too, advocate the use of authentication software when transmitting messages over AX.25 packet 
radio networks. As such, this paper explores the use of Gnu Privacy Guard (GnuPG or GPG), Secure 
Socket Layer and Transport Layer Security (SSL/TLS), and Internet Protocol Security (IPsec) 
authentication software when transmitting messages (i.e. data). Specifically, we wish to quantify the 
time required to transmit data using these three authentication software compared to unauthenticated 
data transmissions. 


[Figure 1 labels: dcrld1.dcrl.ulm.edu (44.128.2.111) and dcrld0.dcrl.ulm.edu (44.128.2.110)]


Figure 1: The logical hardware configuration of our AX.25 packet radio stations dcrld0 and dcrld1.


For this research, authentication refers to the ability of an individual or station to determine whether (1) 
the sender of a received message is who they assert they are and/or (2) the message received is what was 
transmitted (Stallings, 2007). To adhere to the FCC Part 97.113 rule, messages were not, at any time 
during the transmission, encrypted or “encoded for the purpose of obscuring their meaning” (USFCC, 
2009). While GPG, SSL/TLS, and IPsec, by default, provide data encryption and authentication, we 
only used authentication when transmitting messages. 


Table 1: Specific software used to conduct our research.


Software                                        Associated Website or RFC

Apache Web Server                               http://www.apache.org/
cURL                                            http://curl.haxx.se/
UNIX time command                               http://www.kernel.org/doc/man-pages/online/pages/man1/time.1.html
Gnu Privacy Guard                               http://www.gnupg.org/
OpenSSL                                         http://www.openssl.org/
Secure Socket Layer/Transport Layer Security    http://datatracker.ietf.org/doc/rfc5246/
Internet Protocol Security                      http://datatracker.ietf.org/doc/rfc4301/
Wireshark                                       http://www.wireshark.org/
Materials


To conduct our research, we constructed an AX.25 packet radio network from a pair of Kenwood 
TM-271 2-meter transceivers, two Kantronics KPC-3+ 1200 bits per second terminal node controllers, a 
Diamond X30A antenna, and a Diamond X50A antenna. To transmit data, we used two Dell OptiPlex 
GX270 personal computers (PC) running Fedora Linux, core 8, which we named dcrld1.dcrl.ulm.edu
(dcrld1) and dcrld0.dcrl.ulm.edu (dcrld0). Figure 1 shows the logical hardware configuration of our
AX.25 packet radio network. For a thorough discussion of how we configured our computers, 
transceivers, and terminal node controllers, we refer the reader to (Wiedemeier, 2009 & 2008). 


Table 1 lists the software we used to conduct our research. Our software choices were driven by five 
requirements. First, we wanted to investigate how application layer, transport layer, and network layer 
authentication software influence data transmissions over AX.25 packet radio networks. See Figure 2. 
Second, we required the use of data transmission server software (e.g. FTP server or web server) that 
would allow us to evaluate each authentication software independently. In this way, we could determine 
each authentication software’s overall effect on data transmission time. 


[Figure 2 layers, top to bottom: Application Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer]


Figure 2: An “authentication enabled” generic data communication protocol stack.


Third, we required the use of command line oriented client software that would allow us to retrieve data 
from the data transmission server software we chose to use. Additionally, we required that the client 
software display the elapsed time associated with a data transmission. Fourth, we required the use of 
network protocol analyzer software to inspect every packet transmitted between the client and server. 
Last, the software we used must be open source and must be installed on the Fedora Linux operating 
system. 


The data transmission server software we chose was Apache web server, version 2.2.9. Our decision to 
use an Apache web server was due to two unique features associated with the software. First, adding 
authentication support to an Apache web server is well documented and manageable for a 
knowledgeable UNIX system administrator. Second, the client software we chose can direct a secure 
Apache web server to use a specific encryption and authentication cipher when transmitting data. 


We installed and configured a standard Apache web server, as well as a secure Apache web server, on 
PC dcrld1. We next created three text files of size 4 Kilobyte (KB), 8 KB, and 16 KB, which we named
text4KB.txt, text8KB.txt, and text16KB.txt respectively. These three files were copied to the directory
/var/www/html on PC dcrld1. We refer the reader to (Wiedemeier, 2009 & 2008) for a discussion about
the contents of these three files. 


We used the cURL client software on PC dcrld0 to retrieve the text files text4KB.txt, text8KB.txt, and
text16KB.txt from the standard and secure Apache web servers on PC dcrld1. We chose cURL
because it is able to send and receive data using many data communication protocols, including HTTP, 
HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP, or FILE (Stenberg, 2010). We also 
chose cURL because it has a --ciphers command line argument that can instruct a secure web server to 
use specific authentication and encryption ciphers during data transmission. 


While cURL will display the elapsed time in seconds associated with each file transmission, we also 
used the ubiquitous UNIX time command to verify that the elapsed transmission time returned by cURL 
matched that returned by the UNIX time command. For each file transmitted, the date of transmission 
and elapsed transmission time were recorded in a Microsoft Excel spreadsheet. 


The application layer authentication software we chose to use was Gnu Privacy Guard (GnuPG or GPG). 


“GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data 
storage. It can be used to encrypt data and to create digital signatures. It includes an advanced 
key management facility and is compliant with the proposed OpenPGP Internet standard as 
described in RFC 2440. As such, it is aimed to be compatible with PGP from PGP Corp. and 
other OpenPGP tools” (Ellmenreich & Koch, 2010). 


The transport layer authentication software we chose to use was Transport Layer Security (TLS). “TLS 
and its predecessor, Secure Socket Layer (SSL), are cryptographic protocols that allow client/server 
applications to communicate across the Internet in a way designed to prevent eavesdropping and 
message tampering” (Dierks & Rescorla, 2008). SSL/TLS is often used by organizations to secure data
transmitted between web browsers/clients and a web server. 


The network layer authentication software we chose to use was Internet Protocol (IP) Security. Internet 
Protocol Security (IPsec) is a protocol suite for providing secure IP communications by authenticating 
and encrypting each IP packet transmitted. IPsec also includes protocols for establishing authentication 
between users and hosts at the beginning of a communication session and negotiation of the 
cryptographic keys to be used (Kent, 2005).


As discussed in the Introduction, the FCC Part 97.113 rule prohibits the transmission of encrypted data 
over amateur frequencies. Because SSL/TLS and IPsec, by default, encrypt and authenticate transmitted 
data, we configured both software to use RSA authentication and NULL encryption. We then used the 
wireshark network protocol analyzer to ensure that the software performed only authentication during 
data transmission. 
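
A scripted form of the check described above, as an added example (not code from the paper): it reads the cipher suite the server selected in a TLS ServerHello and reports whether it is a NULL-encryption suite. The sample records are constructed, and the parser assumes the ServerHello is unfragmented and is the first message in its record.

```python
import struct

# Suites that authenticate but do not encrypt (IANA TLS cipher suite values).
NULL_ENCRYPTION_SUITES = {
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x003B: "TLS_RSA_WITH_NULL_SHA256",
}
# A few encrypting suites, listed only so the report can name them.
ENCRYPTING_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}


class ParseError(ValueError):
    """Raised when the bytes are not a well-formed ServerHello record."""


def server_hello_cipher(record: bytes) -> int:
    """Return the cipher suite number selected in a TLS ServerHello record."""
    if len(record) < 5:
        raise ParseError("short record header")
    content_type, _version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ParseError("not a handshake record")
    body = record[5:5 + record_len]
    if len(body) != record_len or record_len < 4:
        raise ParseError("truncated record")
    if body[0] != 0x02:
        raise ParseError("first handshake message is not a ServerHello")
    hello_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hello_len]
    if len(hello) != hello_len or hello_len < 35:
        raise ParseError("truncated ServerHello")
    # Layout: version(2) random(32) session_id_len(1) session_id cipher(2) comp(1)
    offset = 35 + hello[34]
    if len(hello) < offset + 3:
        raise ParseError("ServerHello ends before the cipher suite")
    return int.from_bytes(hello[offset:offset + 2], "big")


def classify(record: bytes) -> tuple:
    """Label a ServerHello as 'authentication-only' or 'encrypted'."""
    suite = server_hello_cipher(record)
    if suite in NULL_ENCRYPTION_SUITES:
        return ("authentication-only", NULL_ENCRYPTION_SUITES[suite])
    return ("encrypted", ENCRYPTING_SUITES.get(suite, "0x%04X" % suite))


def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal TLS 1.0 ServerHello record (sample input only)."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += suite.to_bytes(2, "big") + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    for suite in (0x0001, 0x002F):
        print(classify(build_server_hello(suite, session_id=bytes(32))))
```

A capture that yields "encrypted" for any session means the NULL cipher configuration did not take effect for that transfer.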


Methods 


The activities associated with installing, configuring, and transmitting data using the cURL, the UNIX 
time, and the GPG, SSL/TLS, and IPsec authentication software are discussed in the following 
subsections. To illustrate how we installed, configured, and used the authentication and associated 
software, let us assume that two individuals, Alice and Bob, wish to transmit data over an AX.25 packet
radio network. From Figure 1, we see that Alice and Bob own and manage PCs dcrld1 and dcrld0
respectively. 


Apache Web Server 


To install the standard Apache web server, as root on dcrld1, Alice executes the command
yum groupinstall "Web Server". This command installs several software packages, including httpd,
httpd manual, https modules, mod_ssl, Apache modules, PHP, perl, python. To configure a secure 
Apache web server Alice completes the activities discussed in the SSL/TLS Authentication subsection 
below. 


Wireshark Network Protocol Analyzer Configuration 


To ensure that all data transmissions are conducted without encryption, Bob uses the wireshark network 
protocol analyzer to capture and view all packets transmitted between dcrld0 and dcrld1. To use
wireshark, he completes the following activities.


1. As root on dcrld0, Bob executes the command yum install wireshark to install the network
protocol analyzer software.

2. Using his account on dcrld0, Bob executes the command wireshark to start the network protocol
analyzer. 

3. After the wireshark program starts, he selects the “capture” tab and then selects “interfaces” from 
the dropdown menu. 

4. On the “Capture Interfaces” pop-up window, he clicks the “option” button associated with the 
“any” interface. 

5. On the “Capture Options” pop-up window, he enters the text 
“net 44.128.2.0 mask 255.255.255.0” in the “Capture Filter” textbox. 

6. Before Bob initiates a file request, he selects the “capture” tab and then selects “start” from the 
dropdown menu to begin capturing packets. 

7. He can now select and view any or all packets transmitted between dcrld0 and dcrld1.

8. To end the packet capture, Bob selects the “capture” tab and then selects “stop” from the 
dropdown menu. 


No (i.e. “None”) Authentication 


To transmit data without authentication (i.e. “None”), together, Alice and Bob complete the following
activities. 


1. As root on dcrld1, Alice places the text files text4KB.txt, text8KB.txt, and text16KB.txt in the
directory /var/www/html.

2. Using his account on dcrld0, Bob executes the command
time curl http://dcrld1.cs.ulm.edu/text4KB.txt > /tmp/text4KB.txt.

3. The httpd daemon on dcrld1.cs.ulm.edu receives the request and sends file text4KB.txt to the
cURL program executed by Bob.

4. Bob records the transmission time, in minutes and seconds, returned by the UNIX time command
in a Microsoft Excel spreadsheet. See Table A1 in the Appendix.

5. To obtain twenty transmissions of the file text4KB.txt, Bob completes activities 2 through 4
nineteen additional times.

6. Bob computes an average transmission time from the twenty transmission times collected and
records this data in the Microsoft Excel spreadsheet. See Table A1 in the Appendix.

7. Bob completes activities 2 through 6 for files text8KB.txt and text16KB.txt. See Table A1 in the
Appendix.


GPG Authentication 


To transmit data using GPG authentication, together, Alice and Bob complete the following activities. 
Notice in activity 7, Alice and Bob must securely exchange electronic copies of their GPG public keys. 


1. As root on dcrld1, Alice executes the command yum install gpg to install the GPG software on
dcrld1.

2. As root on dcrld0, Bob executes the command yum install gpg to install the GPG software on
dcrld0.

3. Using her account on dcrld1, Alice creates a GPG public and private key pair by executing the
command gpg --gen-key.

4. Alice creates a text file that contains her GPG public key by executing the command
gpg --export --armor "Alice" > Alice_GPG_public_key.txt.

5. Using his account on dcrld0, Bob creates a GPG public and private key pair by executing the
command gpg --gen-key.

6. Bob creates a text file that contains his GPG public key by executing the command
gpg --export --armor "Bob" > Bob_GPG_public_key.txt.

7. In a secure manner, Alice and Bob exchange electronic copies of the text files that contain their
respective GPG public keys.

8. Using her account on dcrld1, Alice places Bob’s GPG public key on her GPG key ring by
executing the command gpg --import Bob_GPG_public_key.txt.

9. Alice determines the fingerprint of Bob’s GPG public key by executing the command
gpg --list-keys --fingerprint "Bob".

10. Alice signs Bob’s GPG public key by executing the command
gpg --sign-key [Bob’s GPG public key fingerprint here]. In doing so, Alice now “trusts” all files
signed by Bob’s GPG private key.

11. Using his account on dcrld0, Bob places Alice’s GPG public key on his GPG key ring by
executing the command gpg --import Alice_GPG_public_key.txt.

12. Bob determines the fingerprint of Alice’s GPG public key by executing the command
gpg --list-keys --fingerprint "Alice".

13. Bob signs Alice’s GPG public key by executing the command
gpg --sign-key [Alice’s GPG public key fingerprint here]. In doing so, Bob now “trusts” all files
signed by Alice’s GPG private key.

14. Using her account on dcrld1, Alice “clearsigns” the text file text4KB.txt using her GPG private
key by executing the command gpg --clearsign text4KB.txt. This command creates a new file
named text4KB.txt.asc. An example of a GPG clearsigned file is shown in Figure 3. The
unencrypted data portion of the file shown in Figure 3 has been truncated due to space
constraints.

15. As root on dcrld1, Alice renames the file text4KB.txt.asc as text4KB.txt.dcrld1.asc and places it
in the directory /var/www/html.

16. Using his account on dcrld0, Bob executes the command
time curl http://dcrld1.cs.ulm.edu/text4KB.txt.dcrld1.asc > /tmp/text4KB.txt.dcrld1.asc.

17. The httpd daemon on dcrld1.cs.ulm.edu receives the request and sends file
text4KB.txt.dcrld1.asc to the cURL program executed by Bob.

18. Bob records the transmission time, in minutes and seconds, returned by the UNIX time command
in a Microsoft Excel spreadsheet. See Table A2 in the Appendix.

19. To verify that the file text4KB.txt.dcrld1.asc was (1) signed by Alice’s GPG public key and (2)
that the contents of the file were not changed or modified during transmission, Bob executes the
command gpg --verify /tmp/text4KB.txt.dcrld1.asc.

20. To obtain twenty transmissions of the file text4KB.txt.dcrld1.asc, Alice and Bob complete
activities 14 through 19 nineteen additional times.

21. Bob computes an average transmission time from the twenty transmission times collected and
records this data in the Microsoft Excel spreadsheet. See Table A2 in the Appendix.

22. Alice and Bob complete activities 14 through 21 for files text8KB.txt.dcrld1.asc and
text16KB.txt.dcrld1.asc. See Table A2 in the Appendix.


[Figure 3 contents: a “Hash: SHA1” header; the unencrypted data, shown as truncated rows of the repeating digits 0123456789...; and the GPG signature block, labeled “GnuPG v1.4.7 (GNU/Linux)”, closed by the PGP SIGNATURE marker.]


Figure 3: An example GPG “clearsigned” file.
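
The layout of the clearsigned file that Alice produces and Bob downloads, as an added example (not code from the paper): a structural parser that separates the signed text from the wrapper and counts the wrapper bytes. It does not check the signature (gpg --verify does that), and the armor body in the sample is constructed filler, not a real signature.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def parse_clearsigned(doc: str) -> dict:
    """Split a clearsigned document into hash header, signed text and wrapper.

    Structure only: the signature itself is NOT verified here.
    """
    doc = doc.replace("\r\n", "\n")
    lines = doc.split("\n")
    if lines[0] != BEGIN_MSG:
        raise ValueError("text before the signed-message header")
    i, hashes = 1, []
    # Armor headers run until the first empty line; only "Hash" is allowed.
    while i < len(lines) and lines[i] != "":
        key, sep, value = lines[i].partition(":")
        if key != "Hash" or not sep:
            raise ValueError("unexpected armor header: %r" % lines[i])
        hashes += [name.strip() for name in value.split(",")]
        i += 1
    i += 1  # skip the empty separator line
    text = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping
        elif line.startswith("-"):
            raise ValueError("unescaped dash line inside the signed text")
        text.append(line)
        i += 1
    if i >= len(lines):
        raise ValueError("signature block missing")
    if END_SIG not in lines[i:]:
        raise ValueError("signature block not terminated")
    end = lines.index(END_SIG, i)
    # Anything after the signature block is not covered by the signature.
    if any(extra.strip() for extra in lines[end + 1:]):
        raise ValueError("unsigned text after the signature block")
    signed = "\n".join(text)
    return {
        "hash": hashes,
        "signed_text": signed,
        "overhead_bytes": len(doc.encode()) - len(signed.encode()),
    }


def build_sample(payload: str) -> str:
    """Wrap payload in a constructed clearsigned envelope (filler signature)."""
    escaped = "\n".join(
        "- " + line if line.startswith("-") else line
        for line in payload.split("\n")
    )
    filler = "\n".join(["A" * 64] * 10 + ["=AAAA"])  # stands in for the armor
    return "\n".join([
        BEGIN_MSG, "Hash: SHA1", "", escaped,
        BEGIN_SIG, "Version: GnuPG v1.4.7 (GNU/Linux)", "", filler, END_SIG, "",
    ])


if __name__ == "__main__":
    row = "0123456789" * 5
    for rows in (80, 160, 320):  # roughly 4 KB, 8 KB and 16 KB of text
        result = parse_clearsigned(build_sample("\n".join([row] * rows)))
        print(len(result["signed_text"]), result["hash"], result["overhead_bytes"])
```

Only signed_text is covered by the signature, which is why the parser rejects text placed before the header or after the signature block.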


SSL/TLS Authentication 


To transmit data using SSL/TLS authentication, together, Alice and Bob complete the following 
activities. Notice in activity 1.g, Alice must find a secure method to provide Bob with an electronic 
copy of dcrld1’s SSL/TLS certificate. Notice, also, in activities 1.r, 2.f, and 3.a, Alice and Bob are
requesting files from dcrld1’s secure Apache web server.


1. As root on dcrld1, Alice completes the following activities.


a. She executes the command cd /etc/pki/tls/certs to enter this directory.
b. She executes the command make dcrld1.key to generate a RSA private key.
i. Executing the command openssl genrsa -des3 1024 > dcrld1.key accomplishes
the same task.
c. She executes the command make dcrld1.csr to create a certificate signing request (CSR)
for an SSL/TLS certificate.
i. Executing the command openssl req -utf8 -new -key dcrld1.key -out dcrld1.csr
accomplishes the same task.
d. She executes the command make dcrld1.crt to generate a self-signed SSL/TLS certificate.
i. Executing the command
openssl req -utf8 -new -key dcrld1.key -x509 -days 365 -out dcrld1.crt -set_serial 0
accomplishes the same task.
e. To move the private key to the appropriate directory, Alice executes the command
mv dcrld1.key ../private/dcrld1.key.
f. She executes the command openssl x509 -text -in dcrld1.crt > dcrld1.pem to create a
privacy enhanced mail (PEM) formatted file of the dcrld1.crt self-signed SSL certificate.
PEM files are used to exchange SSL/TLS certificates between computers.
g. In a secure manner, Alice provides Bob with an electronic copy of the file dcrld1.pem.
h. She executes the command hostname dcrld1 to set the hostname of her computer.
i. She executes the command domainname dcrl.ulm.edu to set the domainname of her
computer.
j. To add network support for dcrld0, she executes the command
echo "44.128.2.110 dcrld0.dcrl.ulm.edu dcrld0" >> /etc/hosts.
k. To add network support for dcrld1, she executes the command
echo "44.128.2.111 dcrld1.dcrl.ulm.edu dcrld1" >> /etc/hosts.
l. She executes the command vi /etc/httpd/conf/httpd.conf to edit this file.
i. She modifies the line “ServerName” so that it reads
“ServerName dcrld1.dcrld.ulm.edu”.
ii. She modifies the line “ServerAdmin” so that it reads
“ServerAdmin [Alice’s email address]”.
m. She executes the command vi /etc/httpd/conf.d/ssl.conf to edit this file.
i. She modifies the line “ServerName” so that it reads
“ServerName dcrld1.dcrld.ulm.edu”.
ii. She modifies the line “SSLCertificateFile” so that it reads
“SSLCertificateFile /etc/pki/tls/certs/dcrld1.crt”.
iii. She modifies the line “SSLCertificateKeyFile” so that it reads
“SSLCertificateKeyFile /etc/pki/tls/private/dcrld1.key”.
iv. She modifies the line “SSLCipherSuite” and adds “:NULL” at the end to add support
for NULL encryption message transmission.
n. She executes the command cp ca-bundle.crt ca-bundle_ORIG.crt to retain a copy of
dcrld1’s original certificate bundle file.
o. She executes the command cat dcrld1.crt >> ca-bundle.crt to append dcrld1’s certificate
to dcrld1’s certificate bundle file.
p. She executes the command service httpd stop to stop the httpd daemon.
q. She executes the command service httpd start to start the httpd daemon.
r. She executes the command curl --verbose https://dcrld1.dcrld.ulm.edu to test dcrld1’s
secure Apache web server.
s. She places the text files text4KB.txt, text8KB.txt, and text16KB.txt in the directory
/var/www/html.


2. As root on dcrld0, Bob completes the following activities.


a. He executes the command cd /etc/pki/tls/certs to enter this directory.

b. He executes the command cp ca-bundle.crt ca-bundle_ORIG.crt to retain a copy of
dcrld0’s original certificate bundle file.

c. He executes the command cat dcrld1.pem >> ca-bundle.crt to append dcrld1’s certificate
to dcrld0’s certificate bundle file, where dcrld1.pem is the PEM file created by Alice.

d. To add network support for dcrld0, he executes the command
echo "44.128.2.110 dcrld0.dcrl.ulm.edu dcrld0" >> /etc/hosts.

e. To add network support for dcrld1, he executes the command
echo "44.128.2.111 dcrld1.dcrl.ulm.edu dcrld1" >> /etc/hosts.

f. He executes the command curl --verbose https://dcrld1.dcrld.ulm.edu to test dcrld1’s
secure Apache web server.


3. Using his account on dcrld0, Bob completes the following activities.


a. Bob executes the command time curl --ciphers rsa_null_md5
https://dcrld1.dcrl.ulm.edu/text4KB.txt > /tmp/text4KB.txt. The cURL --ciphers
rsa_null_md5 command line argument instructs the secure web server on dcrld1 to use
RSA authentication and NULL encryption during transmission.

b. The httpd daemon on dcrld1.cs.ulm.edu receives the request and sends file text4KB.txt to
the cURL program executed by Bob.

c. Bob records the transmission time, in minutes and seconds, returned by the UNIX time
command in a Microsoft Excel spreadsheet. See Table A3 in the Appendix.

d. To obtain twenty transmissions of the file text4KB.txt, Bob completes activities 3.a, 3.b,
and 3.c nineteen additional times.

e. Bob computes an average transmission time from the twenty transmission times collected
and records this data in the Microsoft Excel spreadsheet. See Table A3 in the Appendix.

f. Bob completes activities 3.a through 3.e for files text8KB.txt and text16KB.txt. See
Table A3 in the Appendix.


IPsec Authentication 


To transmit data using IPsec authentication, together, Alice and Bob complete the following activities. 
Notice, unlike GPG and SSL/TLS authentication, Alice and Bob do not exchange keys or certificates 
when using IPsec authentication. 


1. As root on dcrld1, Alice completes the following activities.


a. She executes the command system-config-network to start the Network Configuration
tool and then completes the following activities after the program starts.
i. She selects the “IPsec” tab and then clicks the “New” button to create a new IPsec
configuration.
ii. She enters “packet” as the “Nickname”, but does not check the
“Activate the connection when the computer starts” check box.
iii. She selects the “Host to Host encryption” radio button.
iv. She selects the “Auto encryption mode selection via IKA (racoon)” radio button.
i. She enters “44.128.2.110”, which is dcrld0’s IP address, as the
“Remote IP address”.
v. She enters “SOMEAUTHPHRASE” as the “Authentication key”. We suggest
using the authentication phrase used to create your GPG public and private keys.
vi. She applies the IPsec configurations.
b. She executes the command vi /etc/racoon/racoon.conf to edit this file.
i. In the sainfo {} block, she modifies the “encryption_algorithm” line to read
“encryption_algorithm null_enc;”.
c. She starts the IPsec “packet” interface by executing the command ifup packet.
i. Alice can stop the IPsec “packet” interface by executing the command
ifdown packet.
d. Alice places the text files text4KB.txt, text8KB.txt, and text16KB.txt in the directory
/var/www/html.


2. As root on dcrld0, Bob completes the same activities completed by Alice shown above, except
1.d. With respect to activity 1.a.i. above, he would enter “44.128.2.111” as dcrld1’s “Remote IP
address”.


3. Using his account on dcrld0, Bob completes the following activities.


a. Bob executes the command
time curl http://dcrld1.cs.ulm.edu/text4KB.txt > /tmp/text4KB.txt.

b. The httpd daemon on dcrld1.cs.ulm.edu receives the request and sends file text4KB.txt to
the cURL program executed by Bob.

c. Bob records the transmission time, in minutes and seconds, returned by the UNIX time
command in a Microsoft Excel spreadsheet. See Table A4 in the Appendix.

d. To obtain twenty transmissions of the file text4KB.txt, Bob completes activities 3.a, 3.b,
and 3.c nineteen additional times.

e. Bob computes an average transmission time from the twenty transmission times collected
and records this data in the Microsoft Excel spreadsheet. See Table A4 in the Appendix.

f. Bob completes activities 3.a through 3.e for files text8KB.txt and text16KB.txt. See
Table A4 in the Appendix.


Results 


The time required to transmit the 4 KB, 8 KB, and 16 KB text files between our two AX.25 packet radio 
stations using the GPG, SSL/TLS, and IPsec authentication software is shown in Figure 4 and displayed 
as “long dash”, “square dot”, and “round dot” lines respectively. The “solid” “None” line represents 
data transmission time without authentication. The data used to create the plots shown in Figure 4 are 
shown in Tables A1, A2, A3, and A4 in the Appendix. A plot of no (i.e. “None”) authentication is
shown in Figure A1 in the Appendix and plots of GPG, SSL/TLS, and IPsec authentication versus no
(i.e. “None”) authentication are shown in Figures A2, A3, and A4 in the Appendix.




With respect to Figure 4, the data show that more time is required to transmit the text files using GPG, 
SSL/TLS, and IPsec authentication compared to no (i.e. “None”) authentication. However, two 
“features” should be noted. First, less time is required to transmit the 4 KB, 8 KB, and 16 KB text files 
using GPG authentication versus SSL/TLS authentication. Second, more time is required to transmit the 
4 KB text file using IPsec authentication compared to GPG authentication, but less time is required to 
transmit the same file using IPsec authentication compared to SSL/TLS authentication. However, more
time is required to transmit the 8 KB and 16 KB text files using IPsec authentication compared to both 
GPG authentication and SSL/TLS authentication. We discuss both “features” in the following 
paragraphs. 


Figure 4: GPG, SSL/TLS, IPsec, and No (i.e. “None”) Authentication Data Transmission Time.


As shown in Figure 4, and Figures A2 and A3 in the Appendix, the plots of GPG authentication and
SSL/TLS authentication transmission times mirror that of no (i.e. “None”) authentication transmission
times. The reason for this “mirroring” is based on the amount of data transmitted by each authentication
software. For example, when transmitting a 4 KB file using no (i.e. “None”) authentication, the amount
of data transmitted is 4 KB plus the overhead data transmitted by the Apache web server. The amount
of data transmitted using GPG authentication is the 4 KB file size plus the size in bytes of the GPG
clearsigned authentication header plus the overhead associated with the Apache web server. The
amount of data transmitted using SSL/TLS authentication is the 4 KB file size plus the SSL/TLS
authentication header plus the overhead associated with the Apache web server. Overall, we see that the
amount of authentication in bytes required by GPG and SSL/TLS to transmit the 4 KB, 8 KB, and 16
KB text files remains constant as the file size increases. This result is illustrated in Figure 5, where the
percentage of GPG and SSL/TLS authentication decreases as file size increases. For text files larger than
16 KB, we expect the percentage of GPG and SSL/TLS authentication, relative to file size, to decrease
because the size of GPG and SSL/TLS authentication headers remains fixed.




[Figure 5 plot: series IPsec, SSL/TLS, and GPG; x-axis: File Size; y-axis in percent]


Figure 5: GPG, SSL/TLS, and IPsec Authentication Data Transmission Time as a Percentage of No (i.e.
“None”) Authentication Data Transmission Time.


As shown in Figure 4 and Figure A4 in the Appendix, the time required by IPsec authentication to
transmit 4 KB, 8 KB, and 16 KB text files does not mirror that required by no (i.e. “None”)
authentication. This is because IPsec authenticates each packet transmitted. Specifically, as file size
increases, the number of packets transmitted increases, which increases the amount of IPsec
authentication transmitted. As shown in Figure 5, the percentage of authentication overhead required by
IPsec, compared to no (i.e. “None”) authentication is approximately 17% of the file size transmitted.
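
The contrast drawn above between a fixed authentication header (GPG, SSL/TLS) and per-packet authentication (IPsec) can be put into a small byte-count model; this is an added example, not the authors' analysis or data. The 256-byte MTU, the 900-byte fixed header and the 24-byte per-packet field are assumed values chosen for illustration, and the model counts bytes sent, not elapsed time.

```python
import math

IP_TCP_HEADER = 40  # IPv4 (20) + TCP (20) header bytes, no options


def bytes_on_air(file_bytes, mtu, fixed_extra=0, per_packet_extra=0):
    """Bytes sent for one file transfer under a simple packet model.

    fixed_extra      -- bytes added once per file (signature block, handshake)
    per_packet_extra -- bytes added to every packet (per-packet authentication)
    """
    payload_per_packet = mtu - IP_TCP_HEADER - per_packet_extra
    if payload_per_packet <= 0:
        raise ValueError("headers do not fit in the MTU")
    data = file_bytes + fixed_extra
    packets = math.ceil(data / payload_per_packet)
    return data + packets * (IP_TCP_HEADER + per_packet_extra)


def overhead_pct(file_bytes, mtu, **auth):
    """Extra bytes caused by authentication, as a percentage of the plain transfer."""
    plain = bytes_on_air(file_bytes, mtu)
    return 100.0 * (bytes_on_air(file_bytes, mtu, **auth) - plain) / plain


def overhead_table(sizes, mtu, fixed_extra, per_packet_extra):
    """Rows of (file size, fixed-header overhead %, per-packet overhead %)."""
    rows = []
    for size in sizes:
        fixed = overhead_pct(size, mtu, fixed_extra=fixed_extra)
        per_packet = overhead_pct(size, mtu, per_packet_extra=per_packet_extra)
        rows.append((size, round(fixed, 2), round(per_packet, 2)))
    return rows


# Assumed parameters (not taken from the paper's measurements).
ASSUMED_MTU = 256          # packet size on the radio link
ASSUMED_FIXED_EXTRA = 900  # one signature block or handshake per file
ASSUMED_PER_PACKET = 24    # 12-byte header plus 12-byte integrity value

if __name__ == "__main__":
    table = overhead_table((4096, 8192, 16384), ASSUMED_MTU,
                           ASSUMED_FIXED_EXTRA, ASSUMED_PER_PACKET)
    for size, fixed, per_packet in table:
        print("%6d bytes  fixed header: %5.2f%%  per packet: %5.2f%%"
              % (size, fixed, per_packet))
```

With these assumptions the fixed-header percentage halves each time the file doubles, while the per-packet percentage stays near one value, which is the shape of the curves the text describes.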


Conclusion 


From our results, we advocate using GPG authentication when transmitting messages over AX.25 
packet radio networks because it requires less transmission time compared to SSL/TLS and IPsec 
authentication. However, what the data in our figures and tables do not show is the time required to 
install and configure the authentication software, and the knowledge required by the individual 
responsible for configuring the Apache web server. The author hopes that the activities discussed in the 
Methods section of this paper, which Alice and Bob must complete to authenticate data, provide the 
reader with a general “feel” for the work and knowledge required to use the GPG, SSL/TLS, and IPsec
authentication software.


Appendix


Table A1: No (i.e. “None”) Authentication Data Transmission Time.

[Table columns, for each of the 4 KB, 8 KB, and 16 KB file sizes: Minutes, Seconds, Total Seconds]

270.5

19.6 139.6 Avg. =4 15.4 255.4 Avg. =7


[Figure A1 plot: y-axis: Transmission Time in Seconds; x-axis: File Size]

Figure A1: No (i.e. “None”) Authentication Data Transmission Time.


Table A2: GPG Authentication Data Transmission Time.

[Table columns, for each of the 4 KB, 8 KB, and 16 KB file sizes: Minutes, Seconds, Total Seconds]

272.9 Avg.=8


[Figure A2 plot: y-axis: Transmission Time in Seconds; x-axis: File Size]

Figure A2: GPG versus No (i.e. “None”) Authentication Data Transmission Time.


Table A3: SSL/TLS Authentication Data Transmission Time.


Figure A3: SSL/TLS versus No (i.e. “None”) Authentication Data Transmission Time.


Table A4: IPsec Authentication Data Transmission Time.

[Table columns, for each of the 4 KB, 8 KB, and 16 KB file sizes: Minutes, Seconds, Total Seconds]

43.9 163.9 Avg. = 59.3 299.3 Avg. =9 19.5093 559.5093


[Figure A4 plot: y-axis: Transmission Time in Seconds; x-axis: File Size]

Figure A4: IPsec versus No (i.e. “None”) Authentication Data Transmission Time.